Made of awesome

Matt yaverot at nerdshack.com
Sat Sep 20 08:39:44 CEST 2008 

Alexander W. Janssen wrote:
> I just found this on the NCSA-ticker:
> http://security.ncsa.uiuc.edu/wiki/NCSA_makes_secure_group_email_services_available
> 
> Did anyone try this yet?

It does sound interesting, but how can I trust the signature of a key I
know wasn't generated by the appropriate user? How can anyone trust the
key the listserv generated for me? How can I be certain that at no point
in the future the serve isn't going to forge a signature, since it has
my private (use on list X only) key and passphrase?

How does doubling the number of keys I have (normal GPG, and now list X)
make my own key management simpler (as a simple end user)? What happens
when I find myself on 3 or 4 of these lists? What error do I receive if
I use the wrong key (or none at all)? I see how the admin holding a pool
of keys could make it easier on him.

Who decrypts my message encrypted to the listserve, and how does it get
re-encrypted to each valid list subscriber? How do I know that that
system isn't compromised? How do I know a rogue party isn't subscribed
to the list too?

Maybe because I'm just a casual end user, so I'm not "the market" for
this. It could be useful within an organization. After all if my boss
says "use this GPG key for all internal company email," then the most
effort I'll put in is double checking with a couple other employees that
they were told the same thing. But I wouldn't let any 'forced' trust
permissions affect my personal GPG WoT. And if it is entirely within an
organization, how does the complexity of this compare to:
1. key with shared password
2. a private 509x
3. a full 509x setup
4. running a listserve that decrypts and recrypts automatically under
your own control, using regular GPG keys which may be backed by the WoT.

I don't see an answer to any of these question on the webpages. (They
could be hidden in the PDFs.)

Or to ask the question the way I'd think Robert J. Hansen would ask it
(and I'm not 100% certain I'm using the words right):
What is my threat model, and how does this help? How does this compare
to other solutions?

More information about the Gnupg-users mailing list